﻿<?php
class DAO {

    private static $connection;
    private static $sqlProtect = '1';
    private static $xssProtect = '1';
    private $tableName;

    public function __construct($tableName) {
        
        if (!self::$connection) { 
        
            include_once('conect.php');
            self::conectToDB(DB_USER, DB_PASS, DB_HOST, DB_DATABASE);
        }
        
        $this->tableName = $tableName;
    }
    
    private static function conectToDB($user, $pass, $host, $database) {
    
        self::$connection = mysql_connect($host, $user, $pass);
     
        if (self::$connection) {
            if (!mysql_query("USE $database")) {
                include_once('db.php');
            }
        
            mysql_select_db($database, self::$connection);
            mysql_query('SET NAMES UTF8');
        }
    }
    
    public function fetch($value, $key = 'id', $field = '*') {
        
        $value = $this->sqlProtect($value);
        $value = $this->xssProtect($value);
        
        $sql = 'SELECT ' . $field . ' FROM ' . $this->tableName . ' WHERE ' . $key . ' = "' . $value . '"';
                
        $results = mysql_query($sql, self::$connection);
        
        if (!$results) {return false;}
        
        $rows = array();
        while ($result = mysql_fetch_array($results, MYSQL_ASSOC)) {
            $rows[] = $result;
        }
        
        return $rows;
    }
    
        public function fetchByArray($arr, $fields = '*', $key = 'id' ) {
        
            $arr = $this->sqlProtect($arr);
            $arr = $this->xssProtect($arr);
        
            $values = implode(',', $arr);
        
            $sql = 'SELECT ' . $fields . ' FROM ' . $this->tableName . ' WHERE ' . $key . ' IN(' . $values . ')';
                
            $results = mysql_query($sql, self::$connection);
        
            if (!$results) {return false;}
        
            $rows = array();
            while ($result = mysql_fetch_array($results, MYSQL_ASSOC)) {
            $rows[] = $result;
        }
        
        return $rows;
    }
    
    public function update($keyedArray) {
        
        $primaryKey = 'id';
    
        $keyedArray = $this->sqlProtect($keyedArray);
        $keyedArray = $this->xssProtect($keyedArray);
    
        $sql = 'UPDATE ' . $this->tableName . ' SET ';
        
        $updates = array();
        foreach ($keyedArray as $column=>$value) {
            $updates[] = "{$column}='{$value}'";
        }
        
        $sql .= implode(',', $updates);
        $sql .= "WHERE {$primaryKey}='{$keyedArray[$primaryKey]}'";
        
        mysql_query($sql, self::$connection);
    }
    
    public function updateKarma() {
        $sql = 'UPDATE ' . $this->tableName . ' SET karma = karma - 0.01  WHERE 1 = 1';
        mysql_query($sql, self::$connection);
    }

    public function addEntry($keyedArray) {
    
        $keyedArray = $this->sqlProtect($keyedArray);
        $keyedArray = $this->xssProtect($keyedArray);         
    
        $keys = array_keys($keyedArray);
        $k = implode(',',$keys);
        $v = '"';
        $v .= implode('","',$keyedArray);
        $v .= '"';
        
        $sql = 'INSERT INTO ' . $this->tableName . '(' . $k . ') VALUES(' . $v . ')';
        mysql_query($sql, self::$connection);
    }
    
    public function delEntry($value, $key = 'id') {

        $value = $this->sqlProtect($value);
        $value = $this->xssProtect($value);
        
        if ( is_null($key) ) {
            $key = $this->primaryKey;
        }
        
        $sql = 'DELETE FROM ' . $this->tableName . ' WHERE ' . $key . ' = "' . $value . '"';
        mysql_query($sql, self::$connection);
    }
    
    private function sqlProtect($params) {
        
        if (self::$sqlProtect) {
            if (!get_magic_quotes_gpc()) {
                if(is_array($params)) {
                    foreach($params as $k => $v) {
                        if(is_array($v)) {
                            $params[$k] = $this->sqlProtect($v);
                        } else {
                            $params[$k] =  mysql_real_escape_string($v);
                        } 
                    }
                } else {
            
                $params =  mysql_real_escape_string($params);
                }
            }
        }
        return $params;
    }
    
    private function xssProtect($params) {
        if(self::$xssProtect) {
            if(is_array($params)) {
                foreach($params as $k => $v) {
                    if(is_array($v)) {
                        $params[$k] = $this->xssProtect($v);
                    } else {
                        $params[$k] = htmlspecialchars($v);
                    } 
                }
            } else {
            
                $params = htmlspecialchars($params);
            }
        }
        
        return $params;
    }
}


?>